December 23, 2019

Smartphone location data can be used to identify and track anyone

By John E Dunn

In today’s smartphone economy, hiding your location has become a major challenge.

At any moment, someone knows where you are, or have been, and they might even be able to work out where you will go next.

The work of government? Google? Advertising companies? Or perhaps Facebook, which this week was hauled up by US Senators who think the company is tracking smartphone users' locations despite having apparently promised not to?

While these might be tracking your location, according to the New York Times Privacy Project it’s the entities nobody has heard of that should perhaps worry us more.

Its researchers know this, they say, because earlier this year the NYT’s Privacy Project got its hands on a large data set leaked to it by unnamed sources from a “data location company.”

The data contains 50 billion location pings generated by the smartphones of 12 million Americans in cities including New York, Washington, San Francisco, and Los Angeles during 2016 and 2017.

This looks like a first. To date, almost all that is known about how location data is collected and used is based on the capabilities of the technology and inferences made from the business models of the companies concerned.

The research demonstrates what's really going on in new detail. One way to understand it is to view the visuals generated by the NYT to explore the deeper patterns it can be coaxed into revealing.

For instance, the activity map showing a “senior Defense Department official and his wife” as they attended the Women’s March in 2017.

Read more at https://nakedsecurity.sophos.com/2019/12/23/smartphone-location-data-can-be-used-to-identify-and-track-anyone/

Congress passes anti-robocall bill

By Danny Bradbury

A bill to punish robocallers has finished its passage through Congress and is expected to become law any day now.

US phones now get 200m robocalls each day, and lawmakers have had enough. They hope that the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act currently on its way to the President’s desk will put a stop to it.

The bill, introduced in the Senate on 16 January 2019, already passed a Senate vote in May before going to the House of Representatives, where it finally passed with amendments in early December. That sent it back to the Senate, which passed it with a final vote, meaning that once the President signs it, it will be law.

What will this Act do to stop robocallers from polluting US phones with timeshare offers, payday loan scams and other predatory messages? The headline is the $10,000 penalty per violation that the Federal Communications Commission (FCC) could impose on them. It would also force carriers to use a call authentication framework called Secure Telephone Identity Revisited and Signature-based Handling of Asserted information using toKENs (STIR/SHAKEN).

Read more at https://nakedsecurity.sophos.com/2019/12/23/congress-passes-anti-robocall-bill/

Facebook will stop mining contacts with your 2FA number

By Danny Bradbury

Did you know that when you use your phone to authenticate your Facebook login, the company feeds the number into its friend suggestions feature? Neither did most other people until the social media giant told Reuters about it this week.

Facebook operates a two-factor authentication (2FA) system that lets users add a second authentication channel to their account. Instead of relying solely on a username and password, they can also set their account to require a login code from a third-party authentication app, or a code sent via SMS text message to their phone.

It’s the phone number part that’s a problem.

Facebook clearly likes to use as much of your personal data as it feels it can, and that includes the phone number linked to your 2FA setting. A study by researchers at Princeton and Northeastern universities released in May 2018 found that the company had been using these 2FA phone numbers to serve advertisements. What’s worse is that you couldn’t register for the 2FA service without a phone number until Facebook changed its policy in May 2018.

When it fined Facebook $5bn in July 2019, the FTC also made it promise not to do that anymore. The 20-year settlement order that the Commission submitted said that Facebook:

[…] shall not use for the purpose of serving advertisements, or share with any Covered Third Party for such purpose, any telephone number that Respondent has identified through its source tagging system as being obtained from a User prior to the effective date of this Order for the specific purpose of enabling an account security feature designed to protect against unauthorized account access (i.e., two-factor authentication, password recovery, and login alerts).

Read more at https://nakedsecurity.sophos.com/2019/12/23/facebook-will-stop-mining-contacts-with-your-2fa-number/

Man jailed for $122 million scam that fooled Google and Facebook

By John E Dunn

Lithuanian Evaldas Rimasauskas has been sentenced in a Manhattan court to five years in jail for successfully defrauding two large US companies out of $122 million.

The frauds, which happened between 2013 and 2015, involved sending those companies fake invoices that appeared to come from a legitimate Taiwanese company, Quanta Computer Inc.

Not realizing the payments were the sharp end of an elaborate invoice fraud executed using spoofed email addresses, the companies’ accounts departments paid up.

But the most arresting aspect of this fraud isn’t the large sums Rimasauskas stole but the companies he is reported to have conned – Facebook (to the tune of $99 million) and Google ($23 million).

Whaling

Rimasauskas was originally arrested in 2017 for what the FBI described then as Business Email Compromise (BEC) but which others might describe as a form of whaling (highly targeted phishing attacks on senior members of an organization). The victims were identified only as ‘company 1’ and ‘company 2’.

Last March, he pleaded guilty to charges including fraud, identity theft, and several counts of money laundering, and still the victims remained anonymous.

Even during this month’s trial and sentencing, the names remained, officially at least, a matter of conjecture.

Read more at https://nakedsecurity.sophos.com/2019/12/23/man-jailed-for-122-million-scam-that-fooled-google-and-facebook/

Twitter trolls attack epileptics with seizure-inducing images

By Lisa Vaas

On or about 15 December 2016, a troll sent a seizure-inducing GIF via Twitter to an epileptic journalist, Kurt Eichenwald.

The alleged troll, John Rayne Rivello, was indicted for aggravated assault for allegedly triggering an epileptic seizure that caused a complete loss of Eichenwald’s bodily functions and mental faculty and impaired the author, mentally and bodily, for several months.

Last week, three years after the attack on Eichenwald, Rivello was scheduled for a court hearing (which was postponed). He’s expected to plead guilty.

And three years later, during National Epilepsy Awareness Month in November, an army of trolls carried on the assaults, taking over the Epilepsy Foundation’s Twitter handle and hashtags to attack anybody who’s following, the foundation said on Monday:

The attacks, which used the Foundation’s Twitter handle and hashtags to post flashing or strobing lights, deliberately targeted the feed during National Epilepsy Awareness Month when the greatest number of people with epilepsy and seizures were likely to be following the feed.

The foundation says it’s filed formal criminal complaints with law enforcement that describe what it says is a series of attacks on its Twitter feed that are similar to the kind launched against Eichenwald. Eichenwald has said that he received dozens of flashing tweets after the initial attack, and that the FBI was informed of them all.

Read more at https://nakedsecurity.sophos.com/2019/12/20/twitter-trolls-attack-epileptics-with-seizure-inducing-images/
